tomcat-users mailing list archives

From "Luke" <>
Subject Security Questions
Date Tue, 08 Feb 2005 16:31:51 GMT

When creating a realm does the table name have to be 'user'?

 <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
        userTable="tomcatusers" userNameCol="user_name"
        userCredCol="user_pass" userRoleTable="user_roles"
        roleNameCol="role_name" />

With this realm I get a 403, but no login prompt. Before I go through with
recreating the DB and the users I wanted to be sure this was the problem.

Also, the web.xml in my project's WEB-INF contains the following:

<!-- security -->

Right now I don't want anyone to use a servlet that is not authorized
first. What I was expecting was a standard login prompt with the basic (just
getting a 403 as described above). However, once I got BASIC working I
wanted to shift to a custom form login:


Can I do this with the url-pattern of *.do? Or do I need to put an actual
directory? The reason I ask is how will Tomcat find the login pages?

My last question is about this:


Is it a good idea to have this? I understand it encrypts all data that is
sent to the server. It seems to me that no system should be without. But I
wanted to check with someone more experienced first whether there were
concerns or limitations I am unaware of.


